Fresh Malvertising Strain Identified

ALWIL Software, a security firm has unearthed a malware attack widely spreading and contaminating display advertisements from major online advertising services and publishers.

The company's researchers said that the new malware is "JS:Prontexi." According to them, it is a certain JavaScript that facilitates malware assaults against vulnerable software like Adobe along with various zero-day exploits.

Covering over half of all Internet advertisements, the services that are most compromised are fimserve.com (FOX Audience Network) and yieldmanager.com (Yahoo). The ad services, which are poisoned, comprise bannerimg.com, advertangel.com, zedo.com, jambovideonetwork.com, vestraff.com and myspace.com. Advertising server Doubleclick.com that's associated with Google occupies the fifth position on the avast! Virus Lab's List which includes contaminated servers measured by their degree of infection.

According to avast! Senior Virus Analyst, Jiri Sejtko, the method of corrupt online advertisement infiltration is becoming increasingly popular as users don't have to access anything by clicking over here, as per the news published by TMCnet.com March 16, 2010..
Sejtko further explains that users may become infected simply when they read a much liked newspaper or when they perform a Web-search with a hot topic. He adds that as soon as the browser loads the corrupt advertisement, infection starts on the system.

The security firm says that JS:Prontexi indicates how slack providers of advertising services are carelessly screening the content before dispersing it. Distributing contaminated content as in the current case entails twin dangers for ad firms. With such an approach, apart from loosing the confidence of their customers, these ad companies can also be blocked or flagged by anti-virus programs as a malware source.

Moreover, according to the company's researchers, the current piece of malware is the most recent within a continuous series of malicious programs that online ad services distribute, a practice called "malvertising."

In the meantime, over the past months, people behind such malware assaults, apparently have become increasingly bold and inventive while abusing advertising, advertisers as well as agencies to use them as a new medium for disseminating malware. As a result, various attacks are launched, with some infecting operating systems of computers either for the theft of private credentials or for other sinister activities.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 3/25/2010